XMPP Service Operators - 2021-05-13


  133. mike Chinwag.im turns six years old today. I remember around the time I set it up there was barely half a dozen people in this channel most of the time. Keep up the good work, folks.
  134. Licaon_Kter mike: heh, I saw your posts about how to setup, when I was looking for info for mine :) 👍
  135. mike Nice, yeah they still get a bit of traffic too, even though they're a bit out of date now. Glad to have been of some use. 😁
  136. Licaon_Kter Not sure I used them in the end, I went with the docs mostly, and harassed the ejabberd devs :))
  142. mike Yeah fair call, if you went ejabberd there's not much applicable. Although the page getting the most hits these days is the one where I got into how the SRV records work, might be worth giving that a polish as it's more relevant than anything else.
  146. christian mike: which one is it? Let me see it :)))
  154. mike christian: you mean the tutorial pages? It's here: https://bremensaki.com/chinwag/ Bear in mind it's six years old and uses some software and services that no longer exist. Jappix and StartSSL spring to mind.
  156. christian mike: OK. And you don't need that HDD space for something else?
  158. mike It's just a collection of blog posts, as a diary of how I started Chinwag when it was a new server it's still accurate.
  162. christian Software is probably the most inflationary commodity
  163. christian I sometimes wonder how long it takes us to understand that it's just procrastination, and that we actually need to be treated.
  186. Anhydrous christian: tech just got dumped hard in the stock market, interestingly enough.
  188. Anhydrous I wonder if they got notified by xmpp ;p
  190. Licaon_Kter Anhydrous: umm?
  197. christian I think it's much simpler, they looked at the electricity bill of the data centers that do nothing but distribute the banners that are currently blocked by them.
  198. Anhydrous christian: the elon musk effect on bitcoin
  201. Anhydrous Either way, it would be nice to see more investment in xmpp.
  222. Martin Link Mauve: Error from REDACTED@linkmauve.fr: Server-to-server connection failed: No route to host
  225. mathieui Martin: his router is still dead
  226. Martin Oh, I thought he was back after I had this issue the last time.
  358. rob I'm back, Ubuntu knocked my server out a bit. I was working on setting up a second wireguard connection and systemd resolve decided to bork DNS. All from nothing more than some wg-quick up/down, no reboots or software installation
  366. moparisthebest PSA: upgrade your prosody's ASAP people https://prosody.im/security/advisory_20210512/
  393. ij > Chinwag.im turns six years old today. I remember around the time I set it up there was barely half a dozen people in this channel most of the time. Keep up the good work, folks. Mike, I did some research the other day and it seems that I set up XMPP in November 2007… I don’t think that this MUC existed back then… ;)
  401. Licaon_Kter > adopt the same default size limits that are already enforced by ejabberd Those were bumped based on stats Holger ?
  405. Holger Not really. I wrote Matt the other day: > The current limits are a compromise of me wanting to bump them after seeing users running into avatar problems, vs. p1 always being afraid of making the server more prone to DoS attacks.
  408. Licaon_Kter Yeah, avatars I remember but, not much else, 10Mb seemed too big though.
  409. Licaon_Kter moparisthebest: your proxy exists to fix these or it helped you discover them?
  410. moparisthebest first :)
  411. rob > first :) Good to know
  413. moparisthebest it just makes sure too-big stanzas don't reach prosody at all though, so without a sensible limit won't help anyway
  417. moparisthebest if anyone runs arch and trusts me https://burtrum.org/aur/prosody-1%3A0.11.9-1-x86_64.pkg.tar.zst or build yourself https://github.com/moparisthebest/arch-ppa/tree/master/src/prosody
  422. MattJ FWIW "10MB" was never really meant to be a sensible limit, we added it because of well, obvious reasons. But nobody ever lowered it, and we never had good stats on what defaults to choose. I think it makes sense for the two most popular implementations to agree though.
  423. Araucaria Does proxy65 have any reason to be enabled?
  426. MattJ Yes, if you want to send large files to someone and one or both of you are behind a NAT
  427. Araucaria But it is obviated by http upload?
  428. rob Araucaria: for sending files when direct doesn't work I believe
  429. moparisthebest Araucaria, Conversations for instance will use that if the file is too big for your http upload limits I think ?
  431. rob But yes, I guess http_upload with huge limits would do the same
  545. xorman rob: are you aware that systemd-resolved defaults to 8.8.8.8?
  546. Araucaria xorman: that is only a fallback
  547. rob xorman: Mine was not, it was adding a bunch like 127.0.0.1 and then two 75.x.x.x something and then I've one my local network, guessing router but only 3 are supported
  549. rob Either way it didn't work until I overwrote the symlink and hard-coded it
  550. rob But previously it worked fine so idk
  578. jl4 heya XMPPers
  579. jl4 just to inform you that we have a Plan in Catalonia / Barcelona to introduce XMPP in the Schools
  580. jl4 slowly progressing,
  581. jl4 you know, technopolitics...
  583. jl4 it would be part of Zimbra + Nextcloud + XMPP combo and bla,bla
  584. jl4 ...
  585. moparisthebest awesome, what servers/clients do you plan to use ?
  586. jl4 we are considering Prosody and ConverseJS
  587. jl4 for now...
  588. jl4 alpha phase (> Beta on Snikket ? )
  590. ernst.on.tour jl4: in 1 school or in the whole town ? Which schoolform ? Elementary school or also olders ?
  591. croax Aprofitat 👍
  596. tom » https://hg.prosody.im/trunk/rev/db8e41eb6eff I just want to state that these defaults are total rubbish and way too small, and I've always said that about ejabberd
  598. tom As well as this https://hg.prosody.im/trunk/rev/b0d8920ed5e5
  599. Anhydrous croax: catalan?
  602. jl4 starting with some isolated schools and moving onto a network of Schools
  603. jl4 salut
  604. tom Rate limiting without active queue management is just a recipe for lag
  605. jl4 ernst.on.tour
  608. jl4 i'm gonna run an alpha test on a Secondary School in Madrid
  611. tom » https://hg.prosody.im/trunk/rev/63fd4c8465fb total rubbish
  612. xorman awesome
  613. tom This isn't a mitigation
  614. tom 1MB
  615. tom Come on
  620. jl4 stay tuned ...
  631. moparisthebest tom, the default in the configuration file matches ejabberd's 256kb for c2s and double for s2s
  632. moparisthebest patches to raise them without wildly unconstrained memory growth presumably welcome...
  635. moparisthebest if you don't apply these patches, it's easy to grow prosody's memory use to 5gb+ in seconds
  640. ernst.on.tour Nice... Hope anything is running well, I've lost the "fight" against the officials, only 2 private schools (church) were willing to spend some money for hardware. Raspi wasn't an alternative, first one (Raspi A+) was just released.
  716. Araucaria Is 1mb for s2s stanza limit too high?
  719. Araucaria At .5mb I had s2s disconnects due to policy violations
  720. tom I think it's WAAY too low
  721. moparisthebest 512k is the default in prosody and ejabberd Araucaria
  722. moparisthebest it's fine, it'll reconnect
  725. tom Please people do not rush up updating to prosody 11.9
  726. moparisthebest let me be clear: if you aren't on prosody 0.11.9 and you don't apply the suggested config changes, your server can be run out of memory *in seconds* without someone even having an account on it
  727. tom The only thing, besides a timing attack for muc passwords (which people rarely use anyways) it fixes are a potential dos vector with questionable state size and rate limits
  728. moparisthebest I have a simple program that will do this
  731. moparisthebest if you don't believe me and wish me to point it at your server for a demonstration, I can do that for you, obviously only if you ask though
  734. tom Unless you're actually getting ddosed, I would suggest holding off and letting this update stew for a while to come up with either A, a better solution or B, saner default limits
  735. moparisthebest sure, leave your server wide-open to known trivial DOS if you want, I wouldn't advise it though
  736. Araucaria Do most people not just run prosody from the nightly repo?
  737. tom moparisthebest: I would appreciate if you could send me your proof of concept program so that I could test on my own time for limits that work better for m
  738. moparisthebest I run the latest stable release
  739. tom E
  742. tom However my main concern is interoperability of XMPP at large
  743. tom I don't think people should be in a huge rush to install this update unless they are under attack
  744. tom Especially not all at once
  745. moparisthebest I'll release it in a sane amount of time, maybe a week or so, let's see how fast various distros update but to be clear, now that the info is released "stanza size limits are needed" anyone who can write a program that uses TCP can write this in minutes
  749. moparisthebest a large portion of in-the-wild XMPP servers already have these limits, it's fine
  750. tom Yeah but TCSR vulns have been a thing for a very long time
  751. tom Yet here we are
  753. tom (tls client-side renegotiation)
  758. moparisthebest so if you are absolutely crazy (my opinion) and want to run way-too-big-stanza-sizes, you still need to update to 0.11.9 right away for the other critical fixes, you can just set the stanza limits as you like then
  760. tom » <moparisthebest> a large portion of in-the-wild XMPP servers already have these limits, it's fine yeah, that's the problem. It's been causing lots of S2S resets from policy violations about stanza size limits, as well as severe lag
  762. moparisthebest the TLS and proxy65 and gc fixes are still required
  763. tom I've had several people move to my server due to rate limiting induced lag and stanzas being dropped
  764. tom They just aren't critical to me moparisthebest
  767. moparisthebest what kind of lag will you have when your server is using 16G of ram on demand :P
  768. moparisthebest how big of a server are you running on
  769. tom Not very big, but I already have process-supervisory, periodic health-checking, and container limits setup
  773. tom What I'm saying is that the stanza size and rate limiting is not sane yet and needs to be thought out further. I have no problems with the other mitigations
  774. tom But
  775. moparisthebest so your init system will just repeatedly kill prosody then? :P
  776. tom The other mitigations are not new to me
  777. moparisthebest that'll be nice for your users
  779. tom It's a balance moparisthebest
  783. tom A balance between interoperability, latency, and security
  786. tom I'm not ready to adopt those insane stanza size and rate limits
  791. moparisthebest sure, choose between changing them to match the rest of the entire network, or your server crashing every 2 seconds
  793. tom The muc password timing attack is not something any of my users use passwords on their mucs
  795. tom I can hold off
  796. moparisthebest don't run proxy65 or TLS either ?
  797. Araucaria Updates are your friend.
  798. Araucaria Please update
  799. moparisthebest why wouldn't you just upgrade and apply the stanza size limits you wish ?
  800. Araucaria 🐣
  801. moparisthebest the gc one is *very important* too btw
  804. tom Ok
  807. tom I don't think s2s or c2s rate limiting without active queue management is reasonable AT ALL
  810. moparisthebest if you are ok with CPU eating, sure, remove those
  812. tom I'm not sure what stanza size limits are good for me yet, but those defaults are definitely too small
  814. moparisthebest I mean rather, don't enable mod_limits
  817. tom This is certainly bad news for federation at least up front
  822. tom Does prosody support the PROXY protocol already?
  823. moparisthebest I see it as good news, that the 2 main implementations now agree on stanza sizes :)
  824. moparisthebest with mod_net_proxy yes
  825. tom Thanks
  828. moparisthebest this was my mitigation before 0.11.9 was released :) https://github.com/moparisthebest/xmpp-proxy , just prevents too-big stanzas from reaching prosody in the first place
  829. Araucaria What is the usecase for such large stanzas?
  832. moparisthebest Araucaria, the only thing I've ever seen violate them is when some idiot sets a 10mb avatar which is sent as base64'd text
  835. moparisthebest personally I like my server not sending those on to my clients but hey, you do you
  836. tom Copy-pasting news articles into mucs, large avatars such as the ones published by artists
  837. moparisthebest a good client would split news articles up as needed
  840. moparisthebest large avatars can go straight to hell, how inconsiderate of you of other people's bandwidth
  845. tom We don't have the luxury of disparaging clients for minute details like that
  846. tom And
  847. Ian Macdonald has joined
  848. Ian Macdonald has left
  849. Ian Macdonald has joined
  850. Ian Macdonald has left
  851. tom That's a subjective opinion. One that doesn't account for a host with lots of artists
  852. tom Or visually inclined people
  853. moparisthebest do clients exist where you can zoom in on avatars that much ?
  854. tom Yes
  855. tom Psi+ for one
  856. moparisthebest hi quality pictures shouldn't be sent over base64 in XML
  857. Ian Macdonald has joined
  858. Ian Macdonald has left
  859. moparisthebest invent another way, probably http upload
  860. tom You just click on an avatar and use your scrollwheel or resize the window
  861. Ian Macdonald has joined
  862. Ian Macdonald has left
  863. moparisthebest ah, haven't used Psi+, none of Conversations, Dino, Gajim let you
  864. tom No but 17MB would be a much saner limit
  865. tom To account for the 30% b64 overhead
  866. moparisthebest I'm in about 53 mucs, I don't want a 17mb avatar from any of them
  867. Ian Macdonald has joined
  868. Ian Macdonald has left
  869. Mel has left
  870. tom Google chrome and firefox don't do that so it's not a use case or feature worth considering. Let's apply that way of thinking to XMPP (sarcasm)
  871. Ian Macdonald has joined
  872. Ian Macdonald has left
  873. Araucaria A 1mb news article?
  874. moparisthebest HTTP has good ways of delivering large binary images
  875. Araucaria How do disable forwarding of large avatars?
  876. Araucaria How to disable forwarding of large avatars?
  877. Mel has joined
  878. Ian Macdonald has joined
  879. Ian Macdonald has left
  880. Ian Macdonald has joined
  881. Ian Macdonald has left
  882. Ian Macdonald has joined
  883. Ian Macdonald has left
  884. Ian Macdonald has joined
  885. Ian Macdonald has left
  886. moparisthebest going with the default stanza limits does it
  887. Ian Macdonald has joined
  888. Ian Macdonald has left
  889. tom moparisthebest: take some time to read about active queue management and why FIFO+burst is not adequate for interactive network communication
  890. Ian Macdonald has joined
  891. Ian Macdonald has left
  892. moparisthebest be the change you want to see tom , fix it, I'll apply your patch :)
  893. Holger tom: > Unless you're actually getting ddosed, I would suggest holding off and letting this update stew for a while Huh? Doesn't that update just change *defaults*?
  894. Ian Macdonald has joined
  895. Ian Macdonald has left
  896. Holger I.e. if you don't like them you just set different values, problem solved, no?
  897. tom That's probably the case but I need to make sure of it and I haven't had the time to do that yet
  898. moparisthebest it's absolutely the case
  899. Ian Macdonald has joined
  900. Holger Ah okay. I was just wondering why you're recommending others not to update.
  901. Ian Macdonald has left
  902. Ian Macdonald has joined
  903. sebastian has left
  904. Ian Macdonald has left
  905. tom That's not what I'm doing. I'm just saying don't go barreling into an update like this that can affect federation so much
  906. tom Do update
  907. tom Don't rush this update
  908. tom The defaults are almost definitely not sane
  909. Holger I think we'll all be happy if you come up with a better solution. Until then, it's obviously a trade-off, so pretending someone is right and someone else wrong is just nonsense.
  910. Ian Macdonald has joined
  911. Ian Macdonald has left
  912. moparisthebest sorry but the update fixes a ton of real security issues even if you don't like the defaults
  913. moparisthebest telling people not to update is stupid
  914. Holger Stronger language won't make such statements more useful.
  915. moparisthebest update and set different values if you like
  916. xorman has left
  917. jonas’ moparisthebest: do you intend to publish your PoC? :)
  918. tom These are DoS vectors, not RCEs or anything like that
  919. Ian Macdonald has joined
  920. Ian Macdonald has left
  921. mjk has joined
  922. moparisthebest jonas’, sure, it's trivial for anyone to write after all, I was just going to wait ~1 week until updates were available for all the distros
  923. Ian Macdonald has joined
  924. Ian Macdonald has left
  925. henrik has left
  926. Ian Macdonald has joined
  927. Ian Macdonald has left
  928. Ian Macdonald has joined
  929. Ian Macdonald has left
  930. jonas’ moparisthebest: :+1:
  931. moparisthebest tom, the proxy65 one and dialback-without-dialback are security ones close enough to RCE
  932. Ian Macdonald has joined
  933. Ian Macdonald has left
  934. Ian Macdonald has joined
  935. Ian Macdonald has left
  936. Ian Macdonald has joined
  937. Ian Macdonald has left
  938. Ian Macdonald has joined
  939. Ian Macdonald has left
  940. Ian Macdonald has joined
  941. Ian Macdonald has left
  942. tom No it's not. » updated for safety, but due to the single-use nature of s2s dialback verification strings a timing attack on this module is not believed to be possible, or to grant an attacker any advantage if it were. And the proxy65 one just means public users can use some of your bandwidth
  943. Ian Macdonald has joined
  944. Ian Macdonald has left
  945. xorman has joined
  946. Ian Macdonald has joined
  947. Ian Macdonald has left
  948. tom Which for someone who already offers public internet services, is nothing new
  949. Ian Macdonald has joined
  950. Ian Macdonald has left
  951. Huxx has left
  952. Ian Macdonald has joined
  953. Ian Macdonald has left
  954. Ian Macdonald has joined
  955. Ian Macdonald has left
  956. Holger DDoS is all fine as long as you only permit the most restrictive TLS settings 😉
  957. Ian Macdonald has joined
  958. Ian Macdonald has left
  959. Ian Macdonald has joined
  960. Ian Macdonald has left
  961. tom » May 13 10:09:51 s2sout55b25f6478b0 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
       » May 13 10:15:55 s2sout55b264c7beb0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:15:55 s2sout55b264c7beb0 info Outgoing s2s stream conference.nuegia.net->trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:26:00 s2sout55b2603c5950 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:26:00 s2sout55b2603c5950 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:27:00 s2sout55b26034b220 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:27:00 s2sout55b26034b220 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:29:20 s2sout55b268128800 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:29:20 s2sout55b268128800 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:33:16 s2sout55b26043e620 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:33:16 s2sout55b26043e620 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:35:53 s2sout55b2608cb970 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:35:53 s2sout55b2608cb970 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:42:38 s2sout55b25f299b80 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:42:38 s2sout55b25f299b80 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 10:48:34 s2sout55b25f5e7ae0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 10:48:34 s2sout55b25f5e7ae0 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
       » May 13 11:02:33 s2sout55b26bc55000 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:02:33 s2sout55b26bc55000 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:02:57 s2sout55b25f3e0340 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:02:57 s2sout55b25f3e0340 info Outgoing s2s stream conference.nuegia.net->creep.im closed: policy-violation (XML stanza is too big)
       » May 13 11:18:56 s2sout55b264342cf0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:18:56 s2sout55b264342cf0 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
       » May 13 11:22:17 s2sout55b2643ede80 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:22:17 s2sout55b2643ede80 info Outgoing s2s stream conference.nuegia.net->onionmessenger.com closed: policy-violation (XML stanza is too big)
       » May 13 11:22:32 s2sout55b2640147b0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:22:32 s2sout55b2640147b0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:34:18 s2sout55b26366e740 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:34:18 s2sout55b26366e740 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
       » May 13 11:42:48 s2sout55b2630c1650 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:42:48 s2sout55b2630c1650 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:43:31 s2sout55b263257a20 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:43:31 s2sout55b263257a20 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:44:57 s2sout55b25f22a870 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:44:57 s2sout55b25f22a870 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:46:04 s2sout55b25f33a650 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:46:04 s2sout55b25f33a650 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:49:57 s2sout55b262b23bf0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:49:57 s2sout55b262b23bf0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:50:46 s2sout55b25f9c67c0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:50:46 s2sout55b25f9c67c0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:52:48 s2sout55b2643e6b90 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:52:48 s2sout55b2643e6b90 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 11:56:12 s2sout55b25f52f640 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 11:56:12 s2sout55b25f52f640 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
       » May 13 12:00:41 s2sout55b26458f4b0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 12:00:41 s2sout55b26458f4b0 info Outgoing s2s stream conference.nuegia.net->chat.sum7.eu closed: policy-violation (XML stanza is too big)
       » May 13 12:00:49 s2sout55b264d2ccc0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 12:00:49 s2sout55b264d2ccc0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 12:03:31 s2sout55b2630b3a70 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 12:03:31 s2sout55b2630b3a70 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 12:04:47 s2sout55b25f58ddd0 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 12:04:47 s2sout55b25f58ddd0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
       » May 13 12:16:06 s2sout55b265614a80 info Session closed by remote with error: policy-violation (XML stanza is too big)
       » May 13 12:16:06 s2sout55b265614a80 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
  962. tom This is what I'm afraid of if everyone just adopts these defaults all at once
  963. tom This issue getting much worse
  964. Ian Macdonald has joined
  965. moparisthebest > And the proxy65 one just means public users can use some of your bandwidth tom: and access all your private services, including those you thought were only on localhost :)
  966. Ian Macdonald has left
  967. xorman has left
  968. patasca has joined
  969. tom Why aren't you already running a firewall?
  970. moparisthebest and there's nothing wrong with that, you immediately open it back up and only the giant stanzas are lost
  971. moparisthebest you firewall localhost ?
  972. patasca has left
  973. patasca has joined
  974. rob > tom: and access all your private services, including those you thought were only on localhost :) Wait what? 😳🤓
  975. tom And btw, is that the case prosody's implementation of proxy65 allows local loopback and private addresses to be relayed to?
  976. Ian Macdonald has joined
  977. Ian Macdonald has left
  978. tom If so that's a much bigger problem that needs to be addressed
  979. Ian Macdonald has joined
  980. Ian Macdonald has left
  981. tom Not even coturn allows that
  982. moparisthebest maybe, that's what I think when I read "unrestricted access"
  983. sander has left
  984. tom No moparisthebest, that's not what the means. That
  985. tom S something very different
  986. tom Holy crap no
  987. Ian Macdonald has joined
  988. Ian Macdonald has left
  989. tom There should be more than just an authentication token preventing loopback address relaying
  990. moparisthebest then they are just using your server to download kiddie porn? I doubt that's better
  991. Ian Macdonald has joined
  992. Ian Macdonald has left
  993. Ian Macdonald has joined
  994. Ian Macdonald has left
  995. Ian Macdonald has joined
  996. Ian Macdonald has left
  997. tom moparisthebest: you're talking to someone who runs openwireless.org and tor nodes
  998. tom That's a poor argument
  999. Ian Macdonald has joined
  1000. Ian Macdonald has left
  1001. marc0s has left
  1002. marc0s has joined
  1003. moparisthebest I'll be sure to use your server to DOS all the other prosody installations that refuse to set proper stanza sizes then :D
  1004. henrik has joined
  1005. moparisthebest (that was a joke I won't really do this)
  1006. Ian Macdonald has joined
  1007. Ian Macdonald has left
  1008. patasca has left
  1009. Ian Macdonald has joined
  1010. patasca has joined
  1011. Ian Macdonald has left
  1012. Ian Macdonald has joined
  1013. Ian Macdonald has left
  1014. tom This fix is like cutting someone's foot off to prevent them from getting an infected toenail
  1015. tom See the above logpaste for the problems it's been causing
  1016. Holger tom: What's the proper fix?
  1017. Ian Macdonald has joined
  1018. moparisthebest ^ this, please provide the proper fix then
  1019. Ian Macdonald has left
  1020. tom I don't know yet, possibly a larger stanza size limit than what's been set already, perhaps something more
  1021. Ian Macdonald has joined
  1022. Ian Macdonald has left
  1023. Holger I think it's just one of the cases where you need to apply limits to minimize the risk of resource exhaustion. The world of Internet services is full of such limits which have to exist short of better solutions.
  1024. Ian Macdonald has joined
  1025. Ian Macdonald has left
  1026. Holger tom: And if you're all about federation interop, it's weird to pretend this to be a Prosody-specific problem. Different servers running different limits is the interop issue when it comes to stuff such as avatars.
  1027. schäfchen726 has left
  1028. schäfchen726 has joined
  1029. Licaon_Kter tom: > This is what I'm afraid of if everyone just adopts these defaults all at once > This issue getting much worse What are they rejecting exactly?
  1030. ernst.on.tour has left
  1031. Ian Macdonald has joined
  1032. Ian Macdonald has left
  1033. Holger The real problem is, there's no way the publishing client could know the s2s limits of all (future) potential remote servers.
  1034. Ian Macdonald has joined
  1035. ernst.on.tour has joined
  1036. Ian Macdonald has left
  1037. Pingu from Woodquarter has left
  1038. Huxx has joined
  1039. Ian Macdonald has joined
  1040. Ian Macdonald has left
  1041. Holger So discussing how to handle this problem seems way more interesting to me than raging all about the actual default limit of a single implementation.
  1042. moparisthebest and if you are concerned about interop, the 2 main implementations agreeing on defaults is obviously a good thing
  1043. Ian Macdonald has joined
  1044. Ian Macdonald has left
  1045. moparisthebest but sure, the best thing about XMPP is if you come up with a solution, it can be implemented :D
  1046. Pingu from Woodquarter has joined
  1047. Holger And if for some reason you are aware of a saner default, because you know more than we, then this would probably be good to suggest to all implementations.
  1048. tom I'm not sure, it's not like it tells you which stanza was rejected from the perspective of an operator
  1049. tom I have some educated guesses
  1050. moparisthebest prosody can if you crank up the verbosity of the log to 11
  1051. Ian Macdonald has joined
  1052. Ian Macdonald has left
  1053. tom But it's not like we have a histogram of all stanza sizes vs time egressing our servers
  1054. moparisthebest you could write that module too to give you that, would be helpful, maybe it already exists ? iirc jonas’ was working on some stats module
  1055. tom That is true, however these failures are transient and unpredictable in nature
  1056. tom I'd have to enable debug right when it happens
  1057. Ian Macdonald has joined
  1058. Ian Macdonald has left
  1059. Holger Right. Educated guesses that discuss both sides of the trade-off (in different ways than "c'mon it's just a DoS who cares") sound good to me.
  1060. tom It's not "who cares" it's not treating dos like rce
  1061. Ian Macdonald has joined
  1062. Ian Macdonald has left
  1063. Holger Note I've been the guy arguing for larger default limits for ejabberd. But it's less obvious to me that everyone concerned about DoS would be plain insane.
  1064. Ian Macdonald has joined
  1065. Ian Macdonald has left
  1066. tom Brb for a while please
  1067. Ian Macdonald has joined
  1068. Ian Macdonald has left
  1069. marc0s has left
  1070. marc0s has joined
  1071. Ian Macdonald has joined
  1072. Ian Macdonald has left
  1073. Ian Macdonald has joined
  1074. Ian Macdonald has left
  1075. moparisthebest openssl recently had a similar release by the way, and everyone rushed to update, the only impact was a remote attacker could crash your server on demand, same thing here
  1196. tom » <Holger> And if for some reason you are aware of a saner default, because you know more than we, then this would probably be good to suggest to all implementations. 17MB
  1197. Ian Macdonald has joined
  1198. Ian Macdonald has left
  1199. carlos has left
  1200. Bjarkan has left
  1201. moparisthebest tom, ok but, prosody with the previous 10MB limit could be made to eat 5gb of ram in seconds by a single connection, so... what's your proposal to solve that
  1202. moparisthebest also check other servers with that limit and see what happens
  1203. jl4 has joined
  1204. Bjarkan has joined
  1205. tom Even with the more aggressive garbage collection?
  1206. moparisthebest yes, and the more aggressive garbage collection causes unconstrained CPU usage without the bandwidth rate limiting you see
  1207. tom Where exactly is the memory leak happening? In the connection buffer or the parser itself?
  1208. moparisthebest ¯\_(ツ)_/¯ lua things....
  1209. Ian Macdonald has joined
  1210. Ian Macdonald has left
  1211. tom Well if only 10MB of data can be made to cause 5g resident usage in only a matter of seconds by a single connection something is very wrong
  1212. tom I'm sure there's a better solution out there
  1213. tom moparisthebest: there are no special noteworthy conditions you're leaving out, like compression left on or something?
  1214. Araucaria has left
  1215. moparisthebest this is going to come off sarcastically even though I don't mean it to be
  1216. moparisthebest if you can come up with a better solution, great, please do so
  1217. moparisthebest nope, no compression, though it'd probably make it worse
  1218. tom Ok so it's not a zip bomb
  1219. Araucaria has joined
  1220. tom So
  1221. tom This is probably site specific
  1222. patasca has left
  1223. moparisthebest "stanza size limits" is really all you need to know, I'll release my POC next thursday assuming most distros have updated, but it's really just a few lines of trivial code
  1224. tom But in general, and if we are talking about defaults here, cputime is much cheaper than ram
  1225. tom I really wish the collateral damage of these mitigations would be taken more seriously than the dos vulnerability alone
  1226. Ian Macdonald has joined
  1227. Ian Macdonald has left
  1228. Bjarkan has left
  1229. Ian Macdonald has joined
  1230. Ian Macdonald has left
  1231. Ian Macdonald has joined
  1232. moparisthebest again if you are concerned about interop, having all major implementations agree on limits is a major win
  1233. Ian Macdonald has left
  1234. Ian Macdonald has joined
  1235. Ian Macdonald has left
  1236. moparisthebest all the problems you see will start to drop off
  1237. Ian Macdonald has joined
  1238. Ian Macdonald has left
  1239. Ian Macdonald has joined
  1240. patasca has joined
  1241. Ian Macdonald has left
  1242. tom 10mb is too small and i've had this issue before with that limit before this vuln was a concern
  1243. tom Emailing other operators
  1244. moparisthebest again, please do come up with a better solution, then maybe increasing them would be an option
  1245. moparisthebest I still don't see the point, giant avatars aren't suitable for xml, please come up with a *different* solution for those if you want them, one that has caching and such
  1246. Bjarkan has joined
  1247. Ian Macdonald has joined
  1248. Ian Macdonald has left
  1249. tom There's a prosody module for that
  1250. tom Caching muc vcards and avatars serverside
  1251. Ian Macdonald has joined
  1252. Ian Macdonald has left
  1253. moparisthebest one that doesn't involve cramming a bunch of binary in XML *and* has caching
  1254. moparisthebest probably involving HTTPS but that's left as an exercise for the developer of the XEP
  1462. Ian Macdonald has left
  1463. Ian Macdonald has joined
  1464. Ian Macdonald has left
  1465. Pingu from Woodquarter has left
  1466. Pingu from Woodquarter has joined
  1467. Ian Macdonald has joined
  1468. Ian Macdonald has left
  1469. Ian Macdonald has joined
  1470. Ian Macdonald has left
  1471. Ian Macdonald has joined
  1472. Ian Macdonald has left
  1473. Ian Macdonald has joined
  1474. Ian Macdonald has left
  1475. kryptos has left
  1476. Ian Macdonald has joined
  1477. Ian Macdonald has left
  1478. Ian Macdonald has joined
  1479. Ian Macdonald has left
  1480. Ian Macdonald has joined
  1481. xorman has joined
  1482. Ian Macdonald has left
  1483. Ian Macdonald has joined
  1484. Ian Macdonald has left
  1485. Ian Macdonald has joined
  1486. Ian Macdonald has left
  1487. Ian Macdonald has joined
  1488. Ian Macdonald has left
  1489. Ian Macdonald has joined
  1490. Ian Macdonald has left
  1491. Ian Macdonald has joined
  1492. Ian Macdonald has left
  1493. Ian Macdonald has joined
  1494. Ian Macdonald has left
  1495. pod has left
  1496. Ian Macdonald has joined
  1497. Ian Macdonald has left
  1498. ross has left
  1499. ross has joined
  1500. Ian Macdonald has joined
  1501. Ian Macdonald has left
  1502. Ian Macdonald has joined
  1503. Ian Macdonald has left
  1504. ross has left
  1505. ross has joined
  1506. wladmis has left
  1507. Ian Macdonald has joined
  1508. Ian Macdonald has left
  1509. Ian Macdonald has joined
  1510. Ian Macdonald has left
  1511. Ian Macdonald has joined
  1512. Ian Macdonald has left
  1513. Ian Macdonald has joined
  1514. Ian Macdonald has left
  1515. Ian Macdonald has joined
  1516. Ian Macdonald has left
  1517. Ian Macdonald has joined
  1518. Ian Macdonald has left
  1519. Ian Macdonald has joined
  1520. Ian Macdonald has left
  1521. Ian Macdonald has joined
  1522. Ian Macdonald has left
  1523. Ian Macdonald has joined
  1524. Ian Macdonald has left
  1525. abidal3 has left
  1526. kryptos has joined
  1527. patasca has left
  1528. patasca has joined
  1529. Ian Macdonald has joined
  1530. Ian Macdonald has left
  1531. Ian Macdonald has joined
  1532. Ian Macdonald has left
  1533. Ian Macdonald has joined
  1534. Ian Macdonald has left
  1535. Ian Macdonald has joined
  1536. Ian Macdonald has left
  1537. Ian Macdonald has joined
  1538. Ian Macdonald has left
  1539. edhelas has left
  1540. edhelas has joined
  1541. Ian Macdonald has joined
  1542. Ian Macdonald has left
  1543. Ian Macdonald has joined
  1544. Ian Macdonald has left
  1545. Ian Macdonald has joined
  1546. Ian Macdonald has left
  1547. Ian Macdonald has joined
  1548. Ian Macdonald has left
  1549. Ian Macdonald has joined
  1550. Ian Macdonald has left
  1551. Ian Macdonald has joined
  1552. Ian Macdonald has left
  1553. kryptos has left
  1554. Ian Macdonald has joined
  1555. Ian Macdonald has left
  1556. Ian Macdonald has joined
  1557. Ian Macdonald has left
  1558. argon3771 has joined
  1559. Ian Macdonald has joined
  1560. Ian Macdonald has left
  1561. Ian Macdonald has joined
  1562. Ian Macdonald has left
  1563. Pingu from Woodquarter has left
  1564. Ian Macdonald has joined
  1565. Pingu from Woodquarter has joined
  1566. Ian Macdonald has left
  1567. Ian Macdonald has joined
  1568. Ian Macdonald has left
  1569. Ian Macdonald has joined
  1570. Ian Macdonald has left
  1571. Mel has left
  1572. Ian Macdonald has joined
  1573. Ian Macdonald has left
  1574. Ian Macdonald has joined
  1575. Ian Macdonald has left
  1576. Ian Macdonald has joined
  1577. Ian Macdonald has left
  1578. Mel has joined
  1579. patasca has left
  1580. Ian Macdonald has joined
  1581. Ian Macdonald has left
  1582. Ian Macdonald has joined
  1583. Ian Macdonald has left
  1584. abidal3 has joined
  1585. Araucaria has left
  1586. Araucaria has joined
  1587. Ian Macdonald has joined
  1588. Ian Macdonald has left
  1589. madmalkav has left
  1590. Ian Macdonald has joined
  1591. Ian Macdonald has left
  1592. jl4 has left
  1593. kryptos has joined
  1594. Ian Macdonald has joined
  1595. Ian Macdonald has left
  1596. marc0s has left
  1597. marc0s has joined
  1598. Ian Macdonald has joined
  1599. Ian Macdonald has left
  1600. Django has left
  1601. Ian Macdonald has joined
  1602. Ian Macdonald has left
  1603. Ian Macdonald has joined
  1604. Ian Macdonald has left
  1605. neox has left
  1606. Ian Macdonald has joined
  1607. Ian Macdonald has left
  1608. Jonny has joined
  1609. x187x has left
  1610. Ian Macdonald has joined
  1611. Ian Macdonald has left
  1612. Mel has left
  1613. seantodd has joined
  1614. Mel has joined
  1615. patasca has joined
  1616. Ian Macdonald has joined
  1617. Ian Macdonald has left
  1618. Ian Macdonald has joined
  1619. Ian Macdonald has left
  1620. Sam has left
  1621. Ian Macdonald has joined
  1622. Ian Macdonald has left
  1623. Sam has joined
  1624. sol has left
  1625. Ian Macdonald has joined
  1626. Ian Macdonald has left
  1627. Ian Macdonald has joined
  1628. Ian Macdonald has left
  1629. Ian Macdonald has joined
  1630. Ian Macdonald has left
  1631. kryptos has left
  1632. Jonny has left
  1633. Ian Macdonald has joined
  1634. Ian Macdonald has left
  1635. Ian Macdonald has joined
  1636. Ian Macdonald has left
  1637. Pingu from Woodquarter has left
  1638. Ian Macdonald has joined
  1639. Ian Macdonald has left
  1640. Ian Macdonald has joined
  1641. Ian Macdonald has left
  1642. Jonny has joined
  1643. Pingu from Woodquarter has joined
  1644. Ian Macdonald has joined
  1645. Ian Macdonald has left
  1646. schäfchen726 has joined
  1647. Ian Macdonald has joined
  1648. Ian Macdonald has left
  1649. Ian Macdonald has joined
  1650. Ian Macdonald has left
  1651. Ian Macdonald has joined
  1652. Ian Macdonald has left
  1653. sol has joined
  1654. Ian Macdonald has joined
  1655. Ian Macdonald has left
  1656. Suren has left
  1657. Ian Macdonald has joined
  1658. Ian Macdonald has left
  1659. Ian Macdonald has joined
  1660. Ian Macdonald has left
  1661. kryptos has joined
  1662. Ian Macdonald has joined
  1663. Ian Macdonald has left
  1664. ross has left
  1665. ross has joined
  1666. CthulhuXOXOs has joined
  1667. Ian Macdonald has joined
  1668. Ian Macdonald has left
  1669. Ian Macdonald has joined
  1670. Ian Macdonald has left
  1671. Ian Macdonald has joined
  1672. Ian Macdonald has left
  1673. schäfchen726 has left
  1674. patasca has left
  1675. patasca has joined
  1676. Ian Macdonald has joined
  1677. Ian Macdonald has left